By default, searches for computer files are broadcasted over local networks.

The Electric Frontier Foundation has some choice words for the latest version of the Ubuntu operating system, calling its inclusion of search results from Amazon (and possibly other third parties) a "data leak" and a "violation" of privacy.

The criticism is directed at settings turned on by default in Ubuntu 12.10, which was released earlier this month. As previously reported, unless settings are changed, each time a user searches for a document, app, or other file using the Dash feature of the open-source OS, that search is funneled to Amazon. It can then include advertisements—sent in unencrypted text—in the results. So searches performed at cyber cafes and other places that use unsecured Wi-Fi can be easily intercepted by anyone else who is connected, said EFF Web developer Micah Lee.

"It's a major privacy problem if you can't find things on your own computer without broadcasting what you're looking for to the world," he wrote in a recent blog post. "You could be searching for the latest version of your résumé at work because you're considering leaving your job; you could be searching for a domestic abuse hotline PDF you downloaded or legal documents about filing for divorce; maybe you're looking for documents with file names that will give away trade secrets or activism plans; or you could be searching for a file in your own local porn collection."

In addition to compromising user privacy on public networks, the new Ubuntu feature also gives Amazon the ability to correlate search terms with users' IP addresses. Even worse, according to Ubuntu's third-party privacy policy page, Facebook, Vimeo, and a variety of other services may also get to see the IP address and search terms of users who keep their default settings. Canonical, the company that develops Ubuntu, doesn't say what these services do with the data. Instead, the page refers users to the privacy policy of each service.

There are several ways to turn off the behavior. One is to use the Gnome 3, KDE, or Cinnamon desktop environment instead of the Unity desktop that is included by default. A simpler method is to configure Dash to search only local computer files rather than Amazon and any other Internet sites that may be chosen by Ubuntu. To do that, open the Privacy app and switch "Include online search results" from on to off.

Lee has called on Ubuntu developers to change the default so Amazon is searched only when configuration changes are made.

"Users should be able to install Ubuntu and immediately start using it without having to worry about leaking search queries or sending potentially private information to third party companies," he wrote. "Since many users might find this feature useful, consider displaying a dialog the first time a user logs in that asks if they would like to opt-in."

While you can turn this "feature" off, the real problem is the erosion in trust due to selling users out. It's no longer so far-fetched that there will be more features like this in the future and that they won't have GUI settings to turn them off. Stepping back a bit, I'm disappointed in Ubuntu because I don't trust Microsoft or Apple to do the Right Thing™ regarding privacy but I thought Ubuntu would. I'm no longer so sure about that.

I'm trying to decide what kind of user would actually want advertisements and shopping suggestions in their search criteria when they are looking for a file on their computer? I can't think many, and when you combine that with Linux users, the potential users who might like it seems very, very small indeed.

I'm still trying to understand how Canonical could be so completely out of touch with the user base on this. Mark Shuttleworth is like the proverbial 'Emperor with no clothes' where nobody at Canonical saw fit to tell him this was being handled all wrong.

He pushed this through very late as a pet project, with some Ubuntu blogs and other apologists defending it like it's no big deal. Affilliate programs are no big deal. Disclose them up-front, don't get sneaky and start lying and making up nonexistent privacy policies, for starters. The guy's a loose cannon.

This was all wrong from the beginning, and for the first time I actually thought about what other distros I might use as a fallback option. Not right away, but the signal this act sent is troubling and not at all aligned with my future plans.

Verizon Wireless started to track and mine your data use for "business and marketing reports". Guess what the consumers out of it, nothing. No drop in plans or anything. They should make it an opt in option where your plan drops $5-10 a month. Or 1-2GB more free a month. Not only data they are using it along with your location. They know what app or websites you visit if at a certain store. I'm sure Best Buy could buy data to see how many people visit Amazon while in their stores.

You can Opt Out, but it is defaulted to Opt In.

Now I can understand a free product trying to monetize, but Ubuntu and Linus in general has a status for a long time now that the OS is free, its support and deployment for business when you pay.

or you could be searching for a file in your own local porn collection."

Seriously, do people still have these? I think mine disappeared when the A drive went away ;-)

People have what? You mean NAS with TBs full of HD videos? Who knows. /shrug

I can see this being an issue if you're working on client confidential files and your brother wanted you to visit Amazon.com to order a Fantastic Four BluRay and a copy of Guild Wars 2. And accidentally got your tasks crossed.

Shit happens. The problem is ... is the system so retardedly setup that it does not protect the user? As it seems the case here.

Am I the only user that manages to keep his stuff organized well enough such that local searches are a rare and last resort?

Am I also the only person who thinks the probability that a user searching for a specific local file will be interested whether Amazon happens to sell something that matches part of that file name is vanishingly small?

Am I also the only person who still visits a search engine's website when I want to search for a category of things that don't belong to me (eg: "cats" versus "my cat") ?

I understand the ideal that Shuttleworth is appealing to and trying to make happen, but it's obviously not the whole story, and it's never going to happen as long as privacy and IP laws remain stagnant and the free market becomes increasingly predatory.

I'm relatively certain they enabled encryption before Ubuntu was shipped -- did they not?

They did. The article says: "Technically, when you search for something in Dash, your computer makes a secure HTTPS connection to productsearch.ubuntu.com, sending along your search query and your IP address. If it returns Amazon products to display, your computer then insecurely loads the product images from Amazon's server over HTTP. This means that a passive eavesdropper, such as someone sharing a wireless network with you, will be able to get a good idea of what you're searching for on your own computer based on Amazon product images."

Not to get too much off the topic and risk negative votes, but opensuse running KDE makes for a very simple transistion from windows to Linux. Yast2 lumps together all the set up programs, making sysmtem management a snap. The opensuse installation is quite simple. Some websites have "one click" installation of programs for opensuse. The only thing remotely like work is adding repositories.

I decided to give it a try. You know, keep an open mind. After about a two weeks of use, I finally decided to get rid of it. I use the unity lens for everything now, from opening programs, to opening specific files, and even for working with the programs. But not once has anything that comes up in a search, valid. I guess because most of the time I'm not searching, just using lens to speed up my workflow. I finally got rid of lens, because I find it intrusive and obtrusive.

Seems like if they insist on doing this they should encrypt both sides of the connection, not just outbound.I have been running 12.10 for a couple of weeks, and it really hasn't bothered me too much. However, I hate advertising, and will nuke it sometime if I think about it. That's really the whole point anyway as it should be opt in instead. I never did facebook because everything they do is opt out, and even if you do opt out, they change the rules again.

I think it's a pretty horrible implementation. I don't mind the idea of having a shopping lens built into the dash, but it should not be integrated with local search. If I want a local file I don't want my search results cluttered up with internet search results or shopping results. If I'm searching for information on the internet, I don't want the results cluttered up with local files or shopping results, and if I'm trying to buy something, I don't want the results cluttered up with non-shopping links.

If there was a lens that just searched Amazon, NewEgg and mWave (or had a list of stores you could enable/disable with check boxes), I think that would actually be very useful, but I certainly wouldn't want it combined with local search. It seems like everyone wants to blur the lines between the local machine and the cloud, but personally I like having clear boundaries between "mine" and "not mine".

athauglas wrote:

Am I the only user that manages to keep his stuff organized well enough such that local searches are a rare and last resort?

No, not the last. I have a NAS full of well-organized files. I don't use the search feature much at all for local files or apps. Search is for finding things I don't have, file systems with deep folder hierarchies are for storing and organizing things I do have.

I'm still trying to understand how Canonical could be so completely out of touch with the user base on this. Mark Shuttleworth is like the proverbial 'Emperor with no clothes' where nobody at Canonical saw fit to tell him this was being handled all wrong.

He pushed this through very late as a pet project, with some Ubuntu blogs and other apologists defending it like it's no big deal. Affilliate programs are no big deal. Disclose them up-front, don't get sneaky and start lying and making up nonexistent privacy policies, for starters. The guy's a loose cannon.

This was all wrong from the beginning, and for the first time I actually thought about what other distros I might use as a fallback option. Not right away, but the signal this act sent is troubling and not at all aligned with my future plans.

I'm trying to decide what kind of user would actually want advertisements and shopping suggestions in their search criteria when they are looking for a file on their computer? I can't think many, and when you combine that with Linux users, the potential users who might like it seems very, very small indeed.

Exactly. Leaving aside the ethical debate, what I can't wrap my mind around is how they thought this could be useful in any capacity. Maybe it's just the kind of files I work with and how I store them, but thinking of the kind of things I search for on my local disks, I can't imagine what kind of products could be logically tied to them.

... That is, unless they're attempting to do that whole 'search by demographic' bollocks, like if you're searching for a CPP source file they return a litany of books on programming, which I would predict working about as well as the "Other shows you might like..." feature on Netflix (that is to say, not that well at all).

I think it's a pretty horrible implementation. I don't mind the idea of having a shopping lens built into the dash, but it should not be integrated with local search. If I want a local file I don't want my search results cluttered up with internet search results or shopping results. If I'm searching for information on the internet, I don't want the results cluttered up with local files or shopping results, and if I'm trying to buy something, I don't want the results cluttered up with non-shopping links.

If there was a lens that just searched Amazon, NewEgg and mWave (or had a list of stores you could enable/disable with check boxes), I think that would actually be very useful, but I certainly wouldn't want it combined with local search. It seems like everyone wants to blur the lines between the local machine and the cloud, but personally I like having clear boundaries between "mine" and "not mine".

I'm with you on that. I couldn't have said it better.

Personally, I hate the rush to muddy up the waters between local and remote. I also really enjoy the distinction.

I'm working on my full review of Ubuntu 12.10 right now, and I don't think it's a spoiler to reveal that I have nothing at all positive to say about the shopping integration.

The automatic inclusion of third-party results to searches is something that will drive me away from Ubuntu. I have found Ubuntu to be wonderful through version 12.04, but 12.10's inclusion of automatic third-party search was a showstopper for me. For me, the automatic inclusion of third-party searching is the equivalent of "jumping the shark." Effectively, it is a death blow to Ubuntu because it signals that the inmates are now in charge of the asylum.

How long until a "double-secret-probation search" is included by default in distros such as Ubuntu? I know that my eyes may be shifting back-and-forth now looking for ne'er-do-wells, but is it that far fetched to speculate that once most distros such as Windows, Mac OS/X, and others fully close down to code inspection, it won't be that hard to add "double-secret-probation search" to the mix? When you search for something on a master list of "double-secret-probation" topics, somebody somewhere gets notified on the QT.

Hell, I typed "WikiLeaks", "Anonymous", "HBGary", "StratFor", "hacking", and "security breaches" into Microsoft Word and received an immediate dialog asking if it was OK to send the aforementioned words to Microsoft so that they could update their dictionary at the corporate level.

It already is. Turn it off if you don't want the Amazon results. Hold down the super/windows key and press "A" to search without the Amazon results.

Or just open a terminal window and type "sudo apt-get remove unity-lens-amazon" to get rid of it completely.

I don't know why people are having such a hissy fit over this. It's not really that big of a deal. You use Linux (any distro), you should know that you have complete control over your system. Take advantage of your freedom.

I'm still trying to understand how Canonical could be so completely out of touch with the user base on this. Mark Shuttleworth is like the proverbial 'Emperor with no clothes' where nobody at Canonical saw fit to tell him this was being handled all wrong.

He pushed this through very late as a pet project, with some Ubuntu blogs and other apologists defending it like it's no big deal. Affilliate programs are no big deal. Disclose them up-front, don't get sneaky and start lying and making up nonexistent privacy policies, for starters. The guy's a loose cannon.

This was all wrong from the beginning, and for the first time I actually thought about what other distros I might use as a fallback option. Not right away, but the signal this act sent is troubling and not at all aligned with my future plans.

Or just open a terminal window and type "sudo apt-get remove unity-lens-amazon" to get rid of it completely.

I don't know why people are having such a hissy fit over this. It's not really that big of a deal. You use Linux (any distro), you should know that you have complete control over your system. Take advantage of your freedom.

I remember needing to remove more packages than that, but offhand I can't remember the name. I ended up looking up the option to disable online searching as a backup.

But the point remains. This should not have to be an "opt-out" feature, it should be "opt-in". Of course, Ubuntu knows that if given the option to opt-in with opting out as the default, essentially nobody will choose it, and they won't get as much money from Amazon. As if people didn't have enough reason to hate Unity, anyway.

It already is. Turn it off if you don't want the Amazon results. Hold down the super/windows key and press "A" to search without the Amazon results.

Or just open a terminal window and type "sudo apt-get remove unity-lens-amazon" to get rid of it completely.

I don't know why people are having such a hissy fit over this. It's not really that big of a deal. You use Linux (any distro), you should know that you have complete control over your system. Take advantage of your freedom.

You're so right, it's like all of a sudden Ubuntu users have morphed into older Windows users that have no clue how to do anything but click on the big E to get on the Internet

Am I the only user that manages to keep his stuff organized well enough such that local searches are a rare and last resort?

Exactly.What is wrong with people that they want or need to search for their own stuff all the time?To me it looks like Unity was always designed as a way to extract information. What other reason could there be to go from a simple menu, to having to search for programs you're unlikely to even remember the name of? There seems to have been some kind of lame hope that people would start to search for everything using unity.Pretty clearly though, they haven't yet thought of a good way to make money out of it.Count me as a disenchanted user. As my current install approaches the end of support, my decision is whether to stick with ubuntu and use cairo-dock, or give up and jump ship.

I don't like this as much as anyone, but it isn't wrong for Ubuntu to try to make money from their Linux distro. There's nothing that says that FOSS can't be used to make money, and Ubuntu has been doing a good job for the community for years. There's no reason why they can't work on their balance sheet a little.

That said, Ubuntu just seems to have tried to attract money in an aggressive, ugly fashion with the Unity integration. Maybe they'll back off and try something else, after they see how much people are recoiling.

I'm trying to decide what kind of user would actually want advertisements and shopping suggestions in their search criteria when they are looking for a file on their computer? I can't think many, and when you combine that with Linux users, the potential users who might like it seems very, very small indeed.

I actually know some people who would love this, and more who just wouldn't care.

I think they're suckers, or at least naive.They think I'm paranoid, or at least anal-retentive.

Every article discussing about the shopping results in Ubuntu 12.10 MUST give the command to remove it:

sudo apt-get remove unity-lens-shopping

That there is part of the problem -- most "naive" or "non-techie" users are never going to bring up a terminal or run an "esoteric" CLI command like that.

If this "service" was an opt-in toggle or checkbox, that was part of the normal user interface, along with other typical user-configurable options (like wall-paper, screensaver, default power options, etc) in the preferences menu, people would be praising the innovative feature, rather than complaining about the invasion of privacy.

It already is. Turn it off if you don't want the Amazon results. Hold down the super/windows key and press "A" to search without the Amazon results.

Or just open a terminal window and type "sudo apt-get remove unity-lens-amazon" to get rid of it completely.

I don't know why people are having such a hissy fit over this. It's not really that big of a deal. You use Linux (any distro), you should know that you have complete control over your system. Take advantage of your freedom.

If this "feature was set up so that SUPER+A activated the inclusion of Amazon results, no-one would have a problem with it (and many would praise it).

The ability to include and "fold in" 3rd-party search results might be a good idea; but making this behaviour the default definitely isn't. It has definite privacy implications -- hence the disapprobation . And denigrating reasoned objections as a mere "hissy-fit" is an unwarranted dismissal of valid concerns.